Agasa Master Link: https://www.zhihu.com/question/24723688/answer/48369770 Source: The copyright belongs to the author. Commercial reprint please contact the author for authorization, non-commercial reprint please specify the source.
http://z00w00.blog.51cto.com/515114/1031287
In the case of Cologne martial arts, agency service technology is a very old technology, is the use of technology in the early days of the Internet. The general way to implement agent technology is to install agent service software on the server, so that it becomes a proxy server, so as to implement agent technology. Commonly used agent technology is divided into forward agent, reverse proxy and transparent proxy. This article is aimed at these three kinds of agents to explain some basic principles and specific scope of application, so that we can better understand the agency service technology. First, forward proxy (Forward proxy) in general, if not specifically stated, the proxy technology by default is the forward proxy technology. The concept of a forward proxy is as follows: The forward proxy (forward) is a server "proxy z" between the client "User A" and the original server (origin server) "Server B", in order to obtain the content from the original server. User A sends a request to Proxy server z and specifies the target (server B), and then proxy server Z forwards the request to Server B and returns the obtained content to the client. The client must make some special settings to use the forward proxy. As 1.1 (Figure 1.1) from the above concept, we see that the so-called forward proxy is the proxy server instead of the access "User A" to access the target server "Server B" This is the meaning of the forward proxy. And why use proxy server instead of "User a" to access Server B? This should start with the meaning of the proxy server usage. Using a forward proxy server has the following main functions: 1, access to this unreachable server B, such as 1.2 (Figure 1.2) We remove the complex network routing plot look at figure 1.2, assuming that the router in the diagram from left to right named R1, R2 assumes that the initial user A to access Server B needs to go through a routing node such as R1 and R2 routers, and if the router R1 or router R2 fails, then Server B cannot be accessed. However, if User a lets proxy server z go instead of accessing Server B, because proxy z is not in the router R1 or R2 node, but instead accesses server B through other routing nodes, user A can get the data for Server B. The real example is "FQ". However, since VPN technology is widely used, "FQ" not only uses the traditional forward proxy technology, but also uses the VPN technology.  2, accelerating access to Server B This is not as popular as it used to be, it is mainly the rapid development of bandwidth traffic. In the early forward proxy, many people use the forward proxy to speed up. Or 1.2 assume that user A to Server B, through the R1 router and the R2 router, while the R1 to the R2 router's link is a low bandwidth link. User A to proxy z, from proxy server Z to Server B, is a high-bandwidth link. Well, obviously, you can.Accelerated access to Server B. 3, cache caching, and proxy service technologies are closely linked (not just forward proxies, but also cache technology used by reverse proxies). As shown, if the data j is accessed by proxy server z before user A accesses server B data J, Proxy Server Z will save the data J for a period of time, and if someone happens to fetch the data J, then proxy server z no longer accesses Server B. and the cached data J is sent directly to user A. This technique is called the cache hit by the term in the cache. If there are more users like user A to Access Proxy Z, then these users can get data J directly from Proxy server z, instead of going to Server B to download the data.  4, Client access authorization this aspect of the content is still more used today, for example, some companies use ISA Server as a forward proxy server to grant users access to the Internet, creases 1.3 (Figure 1.3) Figure 1.3 The firewall acts as a gateway to filter access to the extranet. Assuming that both user A and User B have a proxy server, user A allows access to the Internet, and User B does not allow access to the Internet (this is limited on proxy server z) so that user A is authorized to access server B through a proxy server, and User B is not authorized by proxy Server Z, So when you access server B, the packets are discarded directly. 5, hide the whereabouts of visitors such as 1.4 we can see that Server B does not know that access to their own is actually user A, because proxy server z instead of user A to directly interact with Server B. If the proxy server z is fully controlled (or not fully controlled) by user A, it will be used in the term "broiler". (Figure 1.4) We summarize that the forward proxy is a server located between the client and the originating server (Origin server), in order to get the content from the original server, the client sends a request to the agent and specifies the target (the original server). The agent then forwards the request to the original server and returns the obtained content to the client. The client must set up a forward proxy server, if you know the IP address of the forward proxy and the port of the agent. Reverse proxy (reverse proxy) The reverse proxy is exactly the opposite of the forward proxy, and for the client the proxy server is like the original server, and the client does not need to make any special settings. The client sends a normal request to the content in the reverse proxy's namespace (Name-space), and the reverse proxy determines where (the originating server) forwards the request and returns the obtained content to the client. The role of using a reverse proxy server is as follows: 1, protect and hide raw resource servers such as 2.1 (Fig. 2.1) User A always considers that it accesses the original Server B instead of the proxy server Z, but the utility's reverse proxy server accepts user A's response, obtains the user A's requirement resource from the original resource Server B, and sends it to user A. Because of the role of the firewall, only proxy server z is allowed to access the original resource Server B. Although in this virtual environment, the common role of firewalls and reverse proxies protects raw resource Server B, but user A is unaware.2. Load Balancingsuch as 2.2 (Figure 2.2) when the reverse proxy server is more than one, we can even make them into clusters, when more users access resource Server B, Let the different proxy servers Z (x) answer different users and then send the resources required by different users. Of course the reverse proxy server, like a forward proxy server, has the role of cache, which caches the resources of the original resource Server B, instead of requesting data from raw resource Server B every time, especially some static data, slices and files, If these reverse proxy servers are able to be from the same network as user X, then user x accesses the reverse proxy server x and gets a high-quality speed. This is the core of CDN technology. such as 2.3 (Figure 2.3) We do not explain the CDN, so remove the CDN most critical core technology intelligent DNS. Just demonstrating that CDN technology is actually using the reverse proxy principle is the block. Reverse proxy conclusion in contrast to the forward proxy, it is like the original server for the client, and the client does not need to make any special settings. The client sends a normal request to the content in the reverse proxy's namespace (name-space), and then the reverse proxy determines where (the originating server) forwards the request and returns the obtained content to the client, as if the content had been its own. Basically, the web to do a lot of positive and negative agents, can do a positive proxy software most can also do reverse proxy. The most popular of the open source software is squid, can do both forward proxy, there are many people used to do reverse proxy front-end server. In addition, Ms Isa can be used to make a forward proxy under the Windows platform. The most important practice in reverse proxy is Web service, the most fire in recent years is nginx. Some people on the internet say Nginx can not do a positive proxy, in fact, it is wrong. Nginx can also be a forward agent, but with fewer people. Transparent Agent If the forward agent, reverse proxy and transparent agent according to the human blood relations to divide. Then the forward proxy and transparent proxy is very obvious, and the forward proxy and reverse proxy is a cousin relationship. Transparent proxy means that the client does not need to know the existence of a proxy server, it adapts your request fields (messages), and transmits the real IP. Note that encrypted transparent proxies are anonymous proxies, meaning that you do not have to use proxies. Examples of transparent proxy practices are the behavior management software used by many companies nowadays. such as 3.1 (Figure 3.1) User A and User B do not know that the behavior Management device acts as a transparent proxy, When user A or User B submits a request to server A or server B, the transparent proxy device intercepts and modifies the message of User A or B according to its policy and, as the actual requester, sends a request to server A or B, and when the receiving information is returned, the transparent agent sends the allowed message back to user A or B according to its own settings, as , if the transparent proxy setting does not allow access to Server B, then user A or User B will not get Server B's data.[Go] plot forward proxy, reverse proxy, transparent proxy
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
